iOS 5: How to encrypt property list in the bundle?

Question

I have proprietary information (formulas etc) stored in a property list which is shipped with the app. The property list will be created and edited by the property list editor in Xcode.

How can this property list be encrypted in iOS 5 to avoid reading the property list formulas by the user? I am looking for a solution that is very transparent and easy to implement.

why don't you encrypt the file and decrypt it and save in doc directory if itunes file sharing is not allowd... — Inder Kumar Rathore, Feb 22 '12 at 19:16
I was looking more for on-the-fly encryption. Thank you, Inder! — AlexR, Feb 22 '12 at 19:18

score 4 · Answer 1 · edited May 23 '17 at 12:03

First, this is a very specific form of the question "how do I prevent my application from being reverse engineered." The answer is you don't. You can implement some basic things to try to hide the information from an attacker. But there is no way to give your code to an attacker who has complete control of the hardware it runs on and still prevent it from being reverse engineered. For general discussion about this, see Obfuscating Cocoa. More versions of this question are listed in Secure https encryption for iPhone app to webpage.

So the real question is how to hide your information from the casual attacker, realizing that the dedicated attacker will defeat your scheme. When you ask the question that way, you realize that part of the answer is "as easily as possible because it would be silly to spend a lot of effort doing it if it's not going to be highly successful."

So shuffle the file with a long, random shared secret. Stick the shared secret in your code, and press on with life. If you want a good tool, I recommend CommonCrypto since it's built-in. Just remember that this is just obfuscation. As long as the key is in the software, you can't consider it "encryption."

If your secrets are valuable enough that you you have significant ongoing technical and legal resources to protect them, then mail me some more details and we can talk about how you create an anti-piracy and trade-secret protection team within your organization (I have experience doing that and would be happy to provide consultation expertise). But remember, Apple controls the iPhone top to bottom and has spent serious money to secure it. It's still jailbroken. Unless you are going to apply resources on a similar scale, you shouldn't expect a better result. In almost all cases, you are better off spending your resources making your product better than in protecting what you've shipped.

probably related https://stackoverflow.com/questions/44695274/how-to-avoid-hardcoding-keys-for-encryption-swift?noredirect=1#comment76374229_44695274 — ThE uSeFuL, Jun 22 '17 at 09:47

score -1 · Accepted Answer · answered Feb 22 '12 at 19:46

-1

Examples are in the iOS Developer Library.

https://developer.apple.com/library/ios/#documentation/Security/Conceptual/CertKeyTrustProgGuide/iPhone_Tasks/iPhone_Tasks.html#//apple_ref/doc/uid/TP40001358-CH208

answered Feb 22 '12 at 19:46

Jer In Chicago

828
5
7

I looked at the samples, but did not find iOS 5 specific information. Do you know where I could find it? – AlexR Feb 23 '12 at 17:43

iOS 5: How to encrypt property list in the bundle?

2 Answers2

Linked